To evade eavesdropping in a network environment, information that travels over the network, and in particular over the Internet, is usually encrypted between endpoints of the network. However, information is typically unprotected between a user and the application used by a user, making the information susceptible for interception and eavesdropping.
For example, a user's input is vulnerable to various types of keystroke logging. Keystroke logging captures a user's keystrokes, typically to obtain passwords or encryption keys, thereby bypassing security measures of a system. Keystroke logging may be achieved by both hardware and software means. Some systems include devices which are attached to the keyboard cable and also devices which can be installed in keyboards. Software applications for keylogging are also easy to obtain and/or develop, and may be distributed as a trojan horse or as part of a virus or worm.
To address this problem on-screen keyboards have been developed. However, a problem that has been identified with existing on-screen keyboards is that a screen capture of the keyboard, in addition to the recording of mouse pointer coordinates, will still reveal what keys have been clicked by a user, thereby overcoming this security measure.
Information presented or displayed to the user on the screen of a computer, or on any other graphical user interface (GUI), may be subjected to screen capture of various kinds. Therefore, sensitive or confidential information, such as a password or banking details of a user, may be obtained whenever it is displayed on the screen.